print '<title>' . $GLOBALS["strPreferencesTitle"] . '</title>'; print $subscribepagedata["header"]; if (!TEST) { if ($emailchanged) { if (sendMail($data["email"], getConfig("updatesubject"), $oldaddressmessage, system_messageheaders($email), '') && sendMail($email, getConfig("updatesubject"), $newaddressmessage, system_messageheaders($email), '')) { $ok = 1; sendAdminCopy("Lists information changed", "\n" . $data["email"] . " has changed their information.\n\nThe email has changed to {$email}.\n\n{$history_entry}"); addUserHistory($email, "Change", $history_entry); } else { $ok = 0; } } else { if (sendMail($email, getConfig("updatesubject"), $message, system_messageheaders($email), '')) { $ok = 1; sendAdminCopy("Lists information changed", "\n" . $data["email"] . " has changed their information\n\n{$history_entry}"); addUserHistory($email, "Change", $history_entry); } else { $ok = 0; } } } else { $ok = 1; } if ($ok) { print '<h3>' . $GLOBALS["strPreferencesUpdated"] . '</h3>'; if ($emailchanged) { echo $strPreferencesEmailChanged; } print "<br/>"; echo $strPreferencesNotificationSent; } else {
if ($isValid) { ## I guess everyone will import all their users wanting to receive HTML .... $query = sprintf('insert into %s (email,entered,htmlemail,confirmed,uniqid) values("%s",now(),1,1,"%s")', $tables["user"], $line, $uniqid); $result = Sql_query($query, 1); $userid = Sql_insert_id(); if (empty($userid)) { $count['duplicate']++; ## mark the subscriber confirmed, don't touch blacklisted ## hmm, maybe not, can be done on the reconcile page # Sql_Query(sprintf('update %s set confirmed = 1 where email = "%s"', $tables["user"], $line)); $idreq = Sql_Fetch_Row_Query(sprintf('select id from %s where email = "%s"', $tables["user"], $line)); $userid = $idreq[0]; } else { $count['imported']++; addUserHistory($line, $GLOBALS['I18N']->get('import_by') . ' ' . adminName(), ''); } ## do not add them to the list(s) when blacklisted $isBlackListed = isBlackListed($line); if (!$isBlackListed) { $count['addedtolist']++; foreach ($selected_lists as $k => $listid) { $query = "replace into " . $tables["listuser"] . " (userid,listid,entered) values({$userid},{$listid},now())"; $result = Sql_query($query); } } else { $count['foundonblacklist']++; } } else { $count['invalid']++; $rejectReport['invalid'] .= "\n" . $line;
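/**
 * Classify one stored bounce and update the counters that depend on it.
 *
 * Depending on which of $msgid / $userid are known, the bounce row gets a
 * status and comment, the subscriber and/or campaign bounce counters are
 * incremented, and a bounced system message marks the subscriber unconfirmed.
 *
 * @param int        $bounceid id of the row in the bounce table
 * @param int|string $msgid    campaign id, the literal "systemmessage", or empty when unknown
 * @param int        $userid   subscriber id, or empty when the subscriber is unknown
 * @return bool false only when neither a message nor a subscriber was identified
 */
function processBounceData($bounceid, $msgid, $userid) {
    global $tables;

    $useremailQ = Sql_fetch_row_query(sprintf('select email from %s where id = %d', $tables['user'], $userid));
    $useremail = $useremailQ[0];

    if ($msgid === "systemmessage" && !empty($userid)) {
        # $userid is rendered with %d here (it was %s): every other use in this
        # function already casts it, and %s would copy a non-numeric value
        # verbatim into the quoted SQL literal.
        Sql_Query(sprintf('update %s set status = "bounced system message", comment = "%d marked unconfirmed" where id = %d', $tables["bounce"], $userid, $bounceid));
        logEvent("{$userid} " . $GLOBALS['I18N']->get("system message bounced, user marked unconfirmed"));
        addUserHistory($useremail, $GLOBALS['I18N']->get("Bounced system message"), "\n <br/>" . $GLOBALS['I18N']->get("User marked unconfirmed") . "\n <br/><a href=\"./?page=bounce&id={$bounceid}\">" . $GLOBALS['I18N']->get("View Bounce") . "</a>\n\n ");
        Sql_Query(sprintf('update %s set confirmed = 0 where id = %d', $tables["user"], $userid));
    } elseif (!empty($msgid) && !empty($userid)) {
        ## check if we already have this um as a bounce
        ## so that we don't double count "delayed" like bounces
        $exists = Sql_Fetch_Row_Query(sprintf('select count(*) from %s where user = %d and message = %d', $tables["user_message_bounce"], $userid, $msgid));
        if (empty($exists[0])) {
            Sql_Query(sprintf('insert into %s set user = %d, message = %d, bounce = %d', $tables["user_message_bounce"], $userid, $msgid, $bounceid));
            Sql_Query(sprintf('update %s set status = "bounced list message %d", comment = "%d bouncecount increased" where id = %d', $tables["bounce"], $msgid, $userid, $bounceid));
            Sql_Query(sprintf('update %s set bouncecount = bouncecount + 1 where id = %d', $tables["message"], $msgid));
            Sql_Query(sprintf('update %s set bouncecount = bouncecount + 1 where id = %d', $tables["user"], $userid));
        } else {
            ## we create the relationship, but don't increase counters
            Sql_Query(sprintf('insert into %s set user = %d, message = %d, bounce = %d', $tables["user_message_bounce"], $userid, $msgid, $bounceid));
            ## we cannot translate this text
            Sql_Query(sprintf('update %s set status = "duplicate bounce for %d", comment = "duplicate bounce for subscriber %d on message %d" where id = %d', $tables["bounce"], $userid, $userid, $msgid, $bounceid));
        }
    } elseif ($userid) {
        # subscriber known, campaign unknown
        Sql_Query(sprintf('update %s set status = "bounced unidentified message", comment = "%d bouncecount increased" where id = %d', $tables["bounce"], $userid, $bounceid));
        Sql_Query(sprintf('update %s set bouncecount = bouncecount + 1 where id = %d', $tables["user"], $userid));
    } elseif ($msgid === 'systemmessage') {
        # system message, subscriber unknown ($userid is empty in this branch)
        Sql_Query(sprintf('update %s set status = "bounced system message", comment = "unknown user" where id = %d', $tables["bounce"], $bounceid));
        logEvent("{$userid} " . $GLOBALS['I18N']->get("system message bounced, but unknown user"));
    } elseif ($msgid) {
        # campaign known, subscriber unknown
        Sql_Query(sprintf('update %s set status = "bounced list message %d", comment = "unknown user" where id = %d', $tables["bounce"], $msgid, $bounceid));
        Sql_Query(sprintf('update %s set bouncecount = bouncecount + 1 where id = %d', $tables["message"], $msgid));
    } else {
        Sql_Query(sprintf('update %s set status = "unidentified bounce", comment = "not processed" where id = %d', $tables["bounce"], $bounceid));
        return false;
    }

    return true;
}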
if (!isset($page)) { global $page; } if (!isset($ZBX_PAGE_POST_JS)) { global $ZBX_PAGE_POST_JS; } if (!defined('PAGE_HEADER_LOADED')) { define('PAGE_HEADER_LOADED', 1); } // history if (isset($page['hist_arg']) && CWebUser::$data['alias'] != ZBX_GUEST_USER && $page['type'] == PAGE_TYPE_HTML && !defined('ZBX_PAGE_NO_MENU')) { // if URL length is greater than DB field size, skip history update $url = getHistoryUrl($page); if ($url) { DBstart(); $result = addUserHistory($page['title'], $url); DBend($result); } } // last page if (!defined('ZBX_PAGE_NO_MENU') && $page['file'] != 'profile.php') { CProfile::update('web.paging.lastpage', $page['file'], PROFILE_TYPE_STR); } if (CProfile::isModified()) { DBstart(); $result = CProfile::flush(); DBend($result); } // end transactions if they have not been closed already if (isset($DB) && isset($DB['TRANSACTIONS']) && $DB['TRANSACTIONS'] != 0) { error(_('Transaction has not been closed. Aborting...'));
/**
 * Send one system message through PHP's mail(), after basic checks.
 *
 * Returns 0 when $to or $subject is empty or when isBlackListed($to) is true
 * (the subscriber row is then flagged blacklisted and a history entry written).
 * Otherwise returns the result of mail(); on a "dev" VERSION the message is
 * redirected to $this->developer_email instead of $to.
 *
 * Review notes, all taken from the code below:
 *  - $to is placed in the UPDATE statement with %s and no escaping is visible here.
 *  - No check for CR/LF in $to, $subject or $header is visible in this function.
 *  - $useremail is never assigned in this function, so the X-User branch
 *    cannot run as written; that line also appears damaged in this copy.
 *  - ereg("-f" . $this->message_envelope) is called with a single argument,
 *    so it has no subject string to test $parameters against.
 *  - $v is computed twice and never read afterwards.
 *  - The function uses $this; NOTE(review): presumably a class method whose
 *    class header is not part of this listing - confirm.
 *
 * @param string $to         recipient address
 * @param string $subject    message subject
 * @param string $message    message body
 * @param string $header     extra headers; From, Reply-To, X-Mailer and others are appended
 * @param string $parameters additional mail() parameters; replaced by "-f<envelope>" when an envelope is set
 */
function sendMail($to, $subject, $message, $header = "", $parameters = "") { # mail($to,$subject,$message); dbg("mail {$to} {$subject}"); if (!$to) { logEvent("Error: empty To: in message with subject {$subject} to send"); return 0; } elseif (!$subject) { logEvent("Error: empty Subject: in message to send to {$to}"); return 0; } if (isBlackListed($to)) { logEvent("Error, {$to} is blacklisted, not sending"); Sql_Query(sprintf('update %s set blacklisted = 1 where email = "%s"', $this->tables["user"], $to)); addUserHistory($to, "Marked Blacklisted", "Found user in blacklist while trying to send an email, marked black listed"); return 0; } $v = phpversion(); $v = preg_replace("/\\-.*\$/", "", $v); $header .= "X-Mailer: webbler/phplist v" . VERSION . ' (http://www.phplist.com)' . "\n"; $from_address = $this->getConfig("message_from_address"); $from_name = $this->getConfig("message_from_name"); if ($from_name) { $header .= "From: \"{$from_name}\" <{$from_address}>\n"; } else { $header .= "From: {$from_address}\n"; } $message_replyto_address = $this->getConfig("message_replyto_address"); if ($message_replyto_address) { $header .= "Reply-To: {$message_replyto_address}\n"; } else { $header .= "Reply-To: {$from_address}\n"; } $v = VERSION; $v = ereg_replace("-dev", "", $v); $header .= "X-MessageID: systemmessage\n"; if ($useremail) { $header .= "X-User: "******"\n"; } if ($this->message_envelope) { $header = rtrim($header); if ($header) { $header .= "\n"; } $header .= "Errors-To: " . $this->message_envelope; if (!$parameters || !ereg("-f" . $this->message_envelope)) { $parameters = '-f' . $this->message_envelope; } } if (!ereg("dev", VERSION)) { if (mail($to, $subject, $message, $header, $parameters)) { return 1; } else { return mail($to, $subject, $message, $header); } } else { # send mails to one place when running a test version $message = "To: {$to}\n" . 
$message; if ($this->developer_email) { return mail($this->developer_email, $subject, $message, $header, $parameters); } else { print "Error: Running CVS version, but developer_email not set"; } } }
$listmembership = array(); $req = Sql_Query("select * from {$tables['listuser']} where userid = {$userid}"); while ($row = Sql_Fetch_Array($req)) { $listmembership[$row['listid']] = listName($row['listid']); } $history_entry .= "\n" . $GLOBALS['I18N']->get('List subscriptions:') . "\n"; foreach ($old_listmembership as $key => $val) { $history_entry .= $GLOBALS['I18N']->get('Was subscribed to:') . " {$val}\n"; } foreach ($listmembership as $key => $val) { $history_entry .= $GLOBALS['I18N']->get('Is now subscribed to:') . " {$val}\n"; } if (!count($listmembership)) { $history_entry .= $GLOBALS['I18N']->get('Not subscribed to any lists') . "\n"; } addUserHistory($email, $GLOBALS['I18N']->get('Import by ') . adminName(), $history_entry); } // end if } // end while # lets be gramatically correct :-) $displists = $num_lists == 1 ? $GLOBALS['I18N']->get('list') : $GLOBALS['I18N']->get('lists'); $dispemail = $count_email_add == 1 ? $GLOBALS['I18N']->get('new email was') : $GLOBALS['I18N']->get('new emails were'); $dispemail2 = $additional_emails == 1 ? $GLOBALS['I18N']->get('email was') : $GLOBALS['I18N']->get('emails were'); if ($count_email_exist) { $report .= '<br/> ' . s('%d emails already existed in the database', $count_email_exist); } if (!$some && !$additional_emails) { $report .= '<br/>' . s('All the emails already exist in the database.'); } else { $report .= "<br/>{$count_email_add} {$dispemail} " . s('succesfully imported to the database and added to') . " {$num_lists} {$displists}.<br/>{$additional_emails} {$dispemail2} " . $GLOBALS['I18N']->get('subscribed to the') . " {$displists}";
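/**
 * Validate a system message and hand it to the configured mail backend.
 *
 * @param string $to                 recipient address
 * @param string $subject            message subject
 * @param string $message            message body
 * @param string $header             extra headers (only used by the non-PHPMailer backend)
 * @param string $parameters         extra mail() parameters (only used by the non-PHPMailer backend)
 * @param int    $skipblacklistcheck truthy to send even when the recipient is blacklisted
 * @return mixed 1 in TEST mode, 0 when the message is refused, otherwise the backend's result
 */
function sendMail($to, $subject, $message, $header = "", $parameters = "", $skipblacklistcheck = 0) {
    if (TEST) {
        return 1;
    }

    # Header-injection guard. A bare CR can end a header line just as LF can,
    # so both are refused (the earlier check only looked for "\n").
    if (preg_match("/[\r\n]/", $to)) {
        logEvent("Error: invalid recipient, containing newlines, email blocked");
        return 0;
    }
    if (preg_match("/[\r\n]/", $subject)) {
        logEvent("Error: invalid subject, containing newlines, email blocked");
        return 0;
    }

    if (!$to) {
        logEvent("Error: empty To: in message with subject {$subject} to send");
        return 0;
    }
    if (!$subject) {
        logEvent("Error: empty Subject: in message to send to {$to}");
        return 0;
    }

    if (!$skipblacklistcheck && isBlackListed($to)) {
        logEvent("Error, {$to} is blacklisted, not sending");
        # NOTE(review): $to reaches this statement unescaped. Callers in this
        # codebase pass request-derived addresses; escape it here once it is
        # confirmed that callers do not already escape (avoid double escaping).
        Sql_Query(sprintf('update %s set blacklisted = 1 where email = "%s"', $GLOBALS["tables"]["user"], $to));
        addUserHistory($to, "Marked Blacklisted", "Found user in blacklist while trying to send an email, marked black listed");
        return 0;
    }

    # $header and $parameters are not forwarded to the PHPMailer backend.
    if ($GLOBALS['usephpmailer']) {
        return sendMailPhpMailer($to, $subject, $message);
    }

    return sendMailOriginal($to, $subject, $message, $header, $parameters);
}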
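/**
 * Remove a subscriber from the blacklist tables and clear the blacklisted flag.
 *
 * @param int $userid subscriber id; nothing happens when it is empty
 * @return void
 */
function unBlackList($userid = 0) {
    if (!$userid) {
        return;
    }

    # %d forces an integer; the id used to be interpolated into the query as-is,
    # unlike the UPDATE further down which already cast it.
    $email = Sql_Fetch_Row_Query(sprintf('select email from %s where id = %d', $GLOBALS["tables"]["user"], $userid));

    # Without a matching subscriber the deletes would run with an empty
    # address, so they are skipped in that case.
    if (!empty($email[0])) {
        # NOTE(review): the stored address is placed in the statement unescaped;
        # it originates from the database, not directly from the request.
        Sql_Query(sprintf('delete from %s where email = "%s"', $GLOBALS["tables"]["user_blacklist"], $email[0]));
        Sql_Query(sprintf('delete from %s where email = "%s"', $GLOBALS["tables"]["user_blacklist_data"], $email[0]));
    }

    Sql_Query(sprintf('update %s set blacklisted = 0 where id = %d', $GLOBALS["tables"]["user"], $userid));

    # Record who lifted the blacklisting when an admin session is present.
    if (!empty($email[0]) && isset($_SESSION["logindetails"]["adminname"])) {
        $msg = "Removed from blacklist by " . $_SESSION["logindetails"]["adminname"];
        addUserHistory($email[0], $msg, "");
    }
}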
foreach ($unsubscribed_to as $key => $desc) { $history_entry .= "Unsubscribed from {$desc}\n"; } } else { $history_entry .= "\nList subscriptions:\n"; foreach ($old_listmembership as $key => $val) { $history_entry .= "Was subscribed to: {$val}\n"; } foreach ($listmembership as $key => $val) { $history_entry .= "Is now subscribed to: {$val}\n"; } if (!sizeof($listmembership)) { $history_entry .= "Not subscribed to any lists\n"; } } addUserHistory($email, "Update by " . adminName($_SESSION["logindetails"]["id"]), $history_entry); if ($newuser) { Redirect("user&id={$id}"); exit; } Info($GLOBALS['I18N']->get('Changes saved')); } if (isset($delete) && $delete && $access != "view") { # delete the index in delete print $GLOBALS['I18N']->get('Deleting') . " {$delete} ..\n"; if ($require_login && !isSuperUser()) { $lists = Sql_query("SELECT listid FROM {$tables["listuser"]},{$tables["list"]} where userid = " . $delete . " and {$tables['listuser']}.listid = {$tables['list']}.id {$subselect} "); while ($lst = Sql_fetch_array($lists)) { Sql_query("delete from {$tables["listuser"]} where userid = {$delete} and listid = {$lst['0']}"); } } else {
/**
 * Build the HTML of the public unsubscribe page and, when the form was
 * submitted (or UNSUBSCRIBE_JUMPOFF is set and a uid is given), perform the
 * unsubscription: delete list memberships, blacklist the address, write
 * history, mail the subscriber and the admin.
 *
 * Review notes, all taken from the code below:
 *  - $_GET["uid"] is concatenated into the first SELECT without escaping.
 *  - $email from $_POST["email"] / $_POST["unsubscribeemail"], and later from
 *    $_GET / $_REQUEST, is interpolated into SELECT statements without escaping.
 *  - $email is written into the value="" attribute of the text input without
 *    HTML escaping.
 *  - $res .= '<title>...' is immediately followed by $res = $pagedata["header"],
 *    so the title markup is overwritten.
 *  - The ASKFORPASSWORD test reads $user['password'], but $user is never
 *    assigned in this function (the query result is in $current).
 *  - The language file name comes from $pagedata['language_file'] and is
 *    included from the texts/ directory with errors suppressed by @.
 *    NOTE(review): confirm that value cannot contain path separators.
 *  - The logEvent() call for a non-existent user appears damaged in this copy.
 *
 * @param mixed $id subscribe page id, passed to pageData()
 * @return string the page HTML
 */
function unsubscribePage($id) { $pagedata = pageData($id); if (isset($pagedata['language_file']) && is_file(dirname(__FILE__) . '/texts/' . $pagedata['language_file'])) { @(include dirname(__FILE__) . '/texts/' . $pagedata['language_file']); } global $tables; $res .= '<title>' . $GLOBALS["strUnsubscribeTitle"] . '</title>'; $res = $pagedata["header"]; if (isset($_GET["uid"])) { $req = Sql_Query("select * from {$tables['user']} where uniqid = \"" . $_GET["uid"] . "\""); $userdata = Sql_Fetch_Array($req); $email = $userdata["email"]; if (UNSUBSCRIBE_JUMPOFF) { $_POST["unsubscribe"] = 1; $_POST["email"] = $email; $_POST["unsubscribereason"] = '"Jump off" set, reason not requested'; } } if (isset($_POST["unsubscribe"]) && (isset($_POST["email"]) || isset($_POST["unsubscribeemail"])) && isset($_POST["unsubscribereason"])) { if (isset($_POST["email"])) { $email = trim($_POST["email"]); } else { $email = $_POST["unsubscribeemail"]; } $query = Sql_Fetch_Row_Query("select id,email from {$tables["user"]} where email = \"{$email}\""); $userid = $query[0]; $email = $query[1]; if (!$userid) { $res .= 'Error: ' . $GLOBALS["strUserNotFound"]; logEvent("Request to unsubscribe non-existent user: "******"email"], 0, 150)); } else { $result = Sql_query("delete from {$tables["listuser"]} where userid = \"{$userid}\""); $lists = " * " . $GLOBALS["strAllMailinglists"] . "\n"; # add user to blacklist addUserToBlacklist($email, nl2br(strip_tags($_POST['unsubscribereason']))); addUserHistory($email, "Unsubscription", "Unsubscribed from {$lists}"); $unsubscribemessage = ereg_replace("\\[LISTS\\]", $lists, getUserConfig("unsubscribemessage", $userid)); sendMail($email, getConfig("unsubscribesubject"), stripslashes($unsubscribemessage), system_messageheaders($email)); $reason = $_POST["unsubscribereason"] ? "Reason given:\n" . stripslashes($_POST["unsubscribereason"]) : "No Reason given"; sendAdminCopy("List unsubscription", $email . 
" has unsubscribed\n{$reason}"); addSubscriberStatistics('unsubscription', 1); } if ($userid) { $res .= '<h1>' . $GLOBALS["strUnsubscribeDone"] . "</h1><P>"; } $res .= $GLOBALS["PoweredBy"] . '</p>'; $res .= $pagedata["footer"]; return $res; } elseif (isset($_POST["unsubscribe"]) && !$_POST["unsubscribeemail"]) { $msg = '<span class="error">' . $GLOBALS["strEnterEmail"] . "</span><br>"; } elseif (!empty($_GET["email"])) { $email = trim($_GET["email"]); } else { if (isset($_REQUEST["email"])) { $email = $_REQUEST["email"]; } elseif (isset($_REQUEST['unsubscribeemail'])) { $email = $_REQUEST['unsubscribeemail']; } elseif (!isset($email)) { $email = ''; } } if (!isset($msg)) { $msg = ''; } $res .= '<b>' . $GLOBALS["strUnsubscribeInfo"] . '</b><br>' . $msg . formStart(); $res .= '<table> <tr><td>' . $GLOBALS["strEnterEmail"] . ':</td><td colspan=3><input type=text name="unsubscribeemail" value="' . $email . '" size=40></td></tr> </table>'; if (!$email) { $res .= "<input type=submit name=unsubscribe value=\"{$GLOBALS['strContinue']}\"></form>\n"; $res .= $GLOBALS["PoweredBy"]; $res .= $pagedata["footer"]; return $res; } $current = Sql_Fetch_Array_query("SELECT list.id as listid,user.uniqid as userhash, user.password as password FROM {$tables['list']} as list,{$tables['listuser']} as listuser,{$tables['user']} as user where list.id = listuser.listid and user.id = listuser.userid and user.email = \"{$email}\""); $some = $current["listid"]; if (ASKFORPASSWORD && !empty($user['password'])) { # it is safe to link to the preferences page, because it will still ask for # a password $hash = $current["userhash"]; } elseif (isset($_GET['uid']) && $_GET['uid'] == $current['userhash']) { # they got to this page from a link in an email $hash = $current['userhash']; } else { $hash = ''; } $finaltext = $GLOBALS["strUnsubscribeFinalInfo"]; $pref_url = getConfig("preferencesurl"); $sep = ereg('\\?', $pref_url) ? '&' : '?'; $finaltext = eregi_replace('\\[preferencesurl\\]', $pref_url . 
$sep . 'uid=' . $hash, $finaltext); if (!$some) { $res .= "<b>" . $GLOBALS["strNoListsFound"] . "</b></ul>"; $res .= '<p><input type=submit value="' . $GLOBALS["strResubmit"] . '">'; } else { list($r, $c) = explode(",", getConfig("textarea_dimensions")); if (!$r) { $r = 5; } if (!$c) { $c = 65; } $res .= $GLOBALS["strUnsubscribeRequestForReason"]; $res .= sprintf('<br/><textarea name="unsubscribereason" cols="%d" rows="%d" wrap="virtual"></textarea>', $c, $r) . ' ' . $finaltext . ' <p><input type=submit name="unsubscribe" value="' . $GLOBALS["strUnsubscribe"] . '"></p>'; } $res .= '<p>' . $GLOBALS["PoweredBy"] . '</p>'; $res .= $pagedata["footer"]; return $res; }
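/**
 * Send one system message through PHP's mail(), after basic checks.
 *
 * Changes against the previous body:
 *  - the unconditional mail($to, $subject, $message) at the top is gone; it
 *    sent the message before the TEST, empty-field and blacklist checks and
 *    a second time further down;
 *  - CR/LF in $to or $subject is refused (header injection);
 *  - "Errors-To" is terminated with a newline so "X-Mailer" no longer ends up
 *    on the same header line;
 *  - version_compare() replaces the string comparison of version numbers and
 *    strpos() replaces ereg(), which treated the envelope address as a regex.
 *
 * @param string $to         recipient address
 * @param string $subject    message subject
 * @param string $message    message body
 * @param string $header     extra headers; Errors-To and X-Mailer are appended
 * @param string $parameters additional mail() parameters; replaced by "-f<envelope>" when needed
 * @return mixed 1 in TEST mode or on success, 0 when refused, otherwise the result of mail()
 */
function sendMail($to, $subject, $message, $header = "", $parameters = "") {
    dbg("mail {$to} {$subject}");
    if (TEST) {
        return 1;
    }

    if (preg_match("/[\r\n]/", $to)) {
        logEvent("Error: invalid recipient, containing newlines, email blocked");
        return 0;
    }
    if (preg_match("/[\r\n]/", $subject)) {
        logEvent("Error: invalid subject, containing newlines, email blocked");
        return 0;
    }

    if (!$to) {
        logEvent("Error: empty To: in message with subject {$subject} to send");
        return 0;
    }
    if (!$subject) {
        logEvent("Error: empty Subject: in message to send to {$to}");
        return 0;
    }

    if (isBlackListed($to)) {
        logEvent("Error, {$to} is blacklisted, not sending");
        # NOTE(review): $to is placed in the statement unescaped - confirm how
        # callers prepare it before adding escaping here.
        Sql_Query(sprintf('update %s set blacklisted = 1 where email = "%s"', $GLOBALS["tables"]["user"], $to));
        addUserHistory($to, "Marked Blacklisted", "Found user in blacklist while trying to send an email, marked black listed");
        return 0;
    }

    # strip any "-suffix" from the PHP version before comparing
    $v = preg_replace("/\\-.*\$/", "", phpversion());

    # make sure whatever the caller passed ends on a line boundary
    $header = rtrim($header);
    if ($header !== '') {
        $header .= "\n";
    }

    if ($GLOBALS["message_envelope"]) {
        $header .= "Errors-To: " . $GLOBALS["message_envelope"] . "\n";
        if (!$parameters || strpos($parameters, '-f' . $GLOBALS["message_envelope"]) === false) {
            $parameters = '-f' . $GLOBALS["message_envelope"];
        }
    }

    $header .= "X-Mailer: PHPlist v" . VERSION . ' (http://www.phplist.com)' . "\n";

    if (WORKAROUND_OUTLOOK_BUG) {
        $header .= "X-Outlookbug-fixed: Yes";
        $message = preg_replace("/\r?\n/", "\r\n", $message);
    }

    if (strpos(VERSION, 'dev') === false) {
        if (version_compare($v, '4.0.5', '>') && !ini_get("safe_mode")) {
            if (mail($to, $subject, $message, $header, $parameters)) {
                return 1;
            }
            # retry without the additional parameters
            return mail($to, $subject, $message, $header);
        }
        return mail($to, $subject, $message, $header);
    }

    # send mails to one place when running a test version
    $message = "To: {$to}\n" . $message;
    if ($GLOBALS["developer_email"]) {
        return mail($GLOBALS["developer_email"], $subject, $message, $header, $parameters);
    }

    print "Error: Running CVS version, but developer_email not set";
    return 0;
}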
} $current_data = Sql_Fetch_Array_Query(sprintf('select * from %s where id = %d', $tables['user'], $userid)); $current_data = array_merge($current_data, getUserAttributeValues('', $userid)); $information_changed = 0; foreach ($current_data as $key => $val) { if (!is_numeric($key)) { if (isset($old_data[$key]) && $old_data[$key] != $val && $old_data[$key] && $key != 'password' && $key != 'modified') { $information_changed = 1; $history_entry .= "{$key} = {$val}\n*changed* from {$old_data[$key]}\n"; } } } if (!$information_changed) { $history_entry .= "\nNo user details changed"; } addUserHistory($user['systemvalues']['email'], 'Import by ' . adminName(), $history_entry); } #add this user to the lists identified, except when they are blacklisted $isBlackListed = isBlackListed($user['systemvalues']['email']); if (!$isBlackListed && is_array($_SESSION['lists'])) { reset($_SESSION['lists']); $addition = 0; $listoflists = ''; while (list($key, $listid) = each($_SESSION['lists'])) { $query = 'replace INTO ' . $tables['listuser'] . " (userid,listid,entered) values({$userid},{$listid},now())"; $result = Sql_query($query, 1); # if the affected rows is 2, the user was already subscribed $addition = $addition || Sql_Affected_Rows() == 1; $listoflists .= ' * ' . listName($key) . "\n"; # $_SESSION["listname"][$key] . "\n"; }
$old_data[$key] = s('(no data)'); } $history_entry .= "{$key} = {$val}\n" . s('changed from') . " {$old_data[$key]}\n"; } } } if (!$history_entry) { $history_entry = "\n" . s('No data changed') . "\n"; } foreach ($subscribed_to as $key => $desc) { $history_entry .= s('Subscribed to %s', $desc) . "\n"; } foreach ($unsubscribed_from as $key => $desc) { $history_entry .= s('Unsubscribed from %s', $desc) . "\n"; } addUserHistory($email, s('Update by %s', adminName($_SESSION['logindetails']['id'])), $history_entry); if (empty($newuser)) { $_SESSION['action_result'] = s('Changes saved') . $feedback; } Redirect("user&id={$id}"); exit; } /************ END <whitout_error IF block> (start in line 71) **********************/ } if (isset($delete) && $delete && $access != 'view') { verifyCsrfGetToken(); # delete the index in delete $_SESSION['action_result'] = s('Deleting') . " {$delete} ..\n"; if ($require_login && !isSuperUser()) { $lists = Sql_query("SELECT listid FROM {$tables['listuser']},{$tables['list']} where userid = " . $delete . " and {$tables['listuser']}.listid = {$tables['list']}.id {$subselect} "); while ($lst = Sql_fetch_array($lists)) {
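/**
 * Add a Subscriber with lists.
 *
 * <p><strong>Parameters:</strong><br/>
 * [*email] {string} the email address of the Subscriber.<br/>
 * [*foreignkey] {string} Foreign key.<br/>
 * [*htmlemail] {integer} 1=html emails, 0=no html emails.<br/>
 * [*subscribepage] {integer} subscribepage to sign up to.<br/>
 * [*lists] {string} comma-separated list IDs.<br/>
 * </p>
 * <p><strong>Returns:</strong><br/>
 * The added Subscriber.
 * </p>
 */
public static function subscribe()
{
    $sql = 'INSERT INTO ' . $GLOBALS['tables']['user'] . ' (email, htmlemail, foreignkey, subscribepage, entered, uniqid) VALUES (:email, :htmlemail, :foreignkey, :subscribepage, now(), :uniqid);';
    $uniqueID = Common::createUniqId();
    // forced to an integer string; it is also used inside config key names below
    $subscribePage = sprintf('%d', $_REQUEST['subscribepage']);

    if (!validateEmail($_REQUEST['email'])) {
        Response::outputErrorMessage('invalid email address');
        // NOTE(review): whether outputErrorMessage() ends the request is not
        // visible here; returning guarantees an invalid address is never inserted.
        return;
    }

    $listNames = '';
    $lists = explode(',', $_REQUEST['lists']);

    try {
        $db = PDO::getConnection();
        $stmt = $db->prepare($sql);
        $stmt->bindParam('email', $_REQUEST['email'], PDO::PARAM_STR);
        $stmt->bindParam('htmlemail', $_REQUEST['htmlemail'], PDO::PARAM_BOOL);
        /* @@todo ensure uniqueness of FK */
        $stmt->bindParam('foreignkey', $_REQUEST['foreignkey'], PDO::PARAM_STR);
        $stmt->bindParam('subscribepage', $subscribePage, PDO::PARAM_INT);
        $stmt->bindParam('uniqid', $uniqueID, PDO::PARAM_STR);
        $stmt->execute();
        $subscriberId = $db->lastInsertId();

        // prepared once and executed per list instead of re-prepared on every pass
        $listStmt = $db->prepare('replace into ' . $GLOBALS['tables']['listuser'] . ' (userid,listid,entered) values(:userid,:listid,now())');
        foreach ($lists as $listId) {
            $listId = trim($listId);
            // an empty or non-numeric entry would otherwise be stored as list id 0
            if ($listId === '' || !ctype_digit($listId)) {
                continue;
            }
            $listStmt->bindValue('userid', $subscriberId, PDO::PARAM_INT);
            $listStmt->bindValue('listid', $listId, PDO::PARAM_INT);
            $listStmt->execute();
            $listNames .= "\n * " . listname($listId);
        }

        $subscribeMessage = getUserConfig("subscribemessage:{$subscribePage}", $subscriberId);
        $subscribeMessage = str_replace('[LISTS]', $listNames, $subscribeMessage);
        sendMail($_REQUEST['email'], getConfig("subscribesubject:{$subscribePage}"), $subscribeMessage);
        addUserHistory($_REQUEST['email'], 'Subscription', 'Subscription via the Rest-API plugin');
        $db = null;
        self::SubscriberGet($subscriberId);
    } catch (\Exception $e) {
        Response::outputError($e);
    }
}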
++$unconfirmed; # when running from commandline we mark it as sent, otherwise we might get # stuck when using batch processing # if ($GLOBALS["commandline"]) { $um = Sql_query("replace into {$tables['usermessage']} (entered,userid,messageid,status) values(now(),{$userid},{$messageid},\"unconfirmed user\")"); # } } elseif ($user['email'] || $user['id']) { if (VERBOSE) { processQueueOutput(s('Invalid email address') . ': ' . $user['email'] . ' ' . $user['id']); } logEvent(s('Invalid email address') . ': userid ' . $user['id'] . ' email ' . $user['email']); # mark it as sent anyway if ($user['id']) { $um = Sql_query(sprintf('replace into %s (entered,userid,messageid,status) values(now(),%d,%d,"invalid email address")', $tables['usermessage'], $userid, $messageid)); Sql_Query(sprintf('update %s set confirmed = 0 where id = %d', $GLOBALS['tables']['user'], $user['id'])); addUserHistory($user['email'], s('Subscriber marked unconfirmed for invalid email address'), s('Marked unconfirmed while sending campaign %d', $messageid)); } ++$counters['invalid']; } } } else { ## and this is quite historical, and also unlikely to be every called # because we now exclude users who have received the message from the # query to find users to send to ## when trying to send the message, it was already marked for this user ## June 2010, with the multiple send process extension, that's quite possible to happen again $um = Sql_Fetch_Row($um); ++$notsent; if (VERBOSE) { processQueueOutput($GLOBALS['I18N']->get('Not sending to') . ' ' . $userid . ', ' . $GLOBALS['I18N']->get('already sent') . ' ' . $um[0]); }
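<?php

# Add a single email address from the admin interface, at most once per
# ADD_EMAIL_THROTTLE seconds per session.

# The direct-access guard runs first, before any session state is touched.
if (!defined('PHPLISTINIT')) {
    die;
}

if (empty($_SESSION['last_addemail'])) {
    $_SESSION['last_addemail'] = 0;
}

# this page changes data on a GET request, so the token check comes before any work
verifyCsrfGetToken();

if (!empty($_GET['email'])) {
    # seconds since the last successful add in this session
    $delay = time() - $_SESSION['last_addemail'];
    if (!validateEmail($_GET['email'])) {
        $status = s('That is not a valid email address');
    } elseif ($delay > ADD_EMAIL_THROTTLE) {
        $_SESSION['last_addemail'] = time();
        # the address is escaped before it enters the statement; the second
        # argument to Sql_Query is passed as 1, as before
        Sql_Query(sprintf('insert into %s (email,uniqid,htmlemail,entered) values("%s","%s",1,now())', $GLOBALS['tables']['user'], sql_escape($_GET['email']), getUniqid()), 1);
        # NOTE(review): the history entry is written whether or not the insert
        # added a row - confirm that is intended for existing addresses
        addUserHistory($_GET['email'], s('Added by %s', adminName()), s('Added with add-email on test'));
        $status = s('Email address added');
    } else {
        # pluginsCall('processError','Error adding email address, throttled');
        foreach ($GLOBALS['plugins'] as $plname => $plugin) {
            $plugin->processError('Add email throttled ' . $delay);
        }
        $status = s('Adding email address failed, try again later');
    }
}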
/**
 * Build the HTML of the public unsubscribe page and, when all conditions are
 * met, blacklist the address, write history and notify subscriber and admin.
 * List memberships are kept (the delete is commented out under "17753").
 *
 * The address comes either from the subscriber row matching $_GET['uid'] or
 * from $_REQUEST['email'] after validateEmail(). Values that reach SQL in
 * this function go through sql_escape() or a %d placeholder.
 *
 * Review notes, all taken from the code below:
 *  - UNSUBSCRIBE_JUMPOFF or a non-empty $_GET['jo'] sets $_POST['unsubscribe']
 *    and a reason, so the unsubscribe/blacklist branch runs without the form
 *    having been posted. No token check is visible in this function.
 *    NOTE(review): confirm what the caller enforces before this runs.
 *  - With $blacklistRequest set and no matching uid, addUserToBlacklist() is
 *    called for an address that need not belong to any subscriber.
 *  - $email is written into the input value="" attribute and into the page
 *    text without HTML escaping. NOTE(review): confirm validateEmail()
 *    rejects HTML metacharacters, and consider escaping on output regardless.
 *  - $_GET['p'] is read without an isset() check.
 *  - The ASKFORPASSWORD test reads $user['password'], but $user is never
 *    assigned in this function (the query result is in $current).
 *  - When a plugin's unsubscribePage() returns a truthy value the function
 *    returns without a value.
 *  - The logEvent() call for a non-existent user and the start of the
 *    following else-branch appear damaged in this copy.
 *
 * @param mixed $id subscribe page id, used in the "unsubscribemessage:{id}" config keys
 * @return string|null the page HTML, or nothing when a plugin handled the request
 */
function unsubscribePage($id) { global $tables; $email = ''; $userid = 0; $msg = ''; ## for unsubscribe, don't validate host $GLOBALS['check_for_host'] = 0; $res = '<title>' . $GLOBALS['strUnsubscribeTitle'] . '</title>' . "\n"; $res .= $GLOBALS['pagedata']['header']; if (isset($_GET['uid'])) { $userdata = Sql_Fetch_Array_Query(sprintf('select email,id,blacklisted from %s where uniqid = "%s"', $tables['user'], sql_escape($_GET['uid']))); $email = $userdata['email']; $userid = $userdata['id']; $isBlackListed = $userdata['blacklisted'] != '0'; $blacklistRequest = false; } else { if (isset($_REQUEST['email'])) { $email = $_REQUEST['email']; } if (!validateEmail($email)) { $email = ''; } #0013076: Blacklisting posibility for unknown users # Set flag for blacklisting $blacklistRequest = $_GET['p'] == 'blacklist' || $_GET['p'] == 'donotsend'; # only proceed when user has confirm the form if ($blacklistRequest && is_email($email)) { $_POST['unsubscribe'] = 1; $_POST['unsubscribereason'] = s('Forwarded receiver requested blacklist'); } } if (UNSUBSCRIBE_JUMPOFF || !empty($_GET['jo'])) { $_POST['unsubscribe'] = 1; $_REQUEST['email'] = $email; if (!empty($_GET['jo'])) { $blacklistRequest = true; $_POST['unsubscribereason'] = s('"Jump off" used by subscriber, reason not requested'); } else { $_POST['unsubscribereason'] = s('"Jump off" set, reason not requested'); } } foreach ($GLOBALS['plugins'] as $pluginname => $plugin) { # print $pluginname.'<br/>'; if ($plugin->unsubscribePage($email)) { return; } } if (!empty($email) && isset($_POST['unsubscribe']) && isset($_REQUEST['email']) && isset($_POST['unsubscribereason'])) { ## all conditions met, do the unsubscribe #0013076: Blacklisting posibility for unknown users // It would be better to do this above, where the email is set for the other cases. // But to prevent vulnerabilities let's keep it here for now. 
[bas] if (!$blacklistRequest) { $query = Sql_Fetch_Row_Query(sprintf('select id,email,blacklisted from %s where email = "%s"', $tables['user'], sql_escape($email))); $userid = $query[0]; $email = $query[1]; $isBlackListed = !empty($query[2]); } if (!$userid) { #0013076: Blacklisting posibility for unknown users if ($blacklistRequest && !empty($email)) { addUserToBlacklist($email, $_POST['unsubscribereason']); addSubscriberStatistics('blacklist', 1); $res .= '<h3>' . $GLOBALS['strUnsubscribedNoConfirm'] . '</h3>'; } else { $res .= $GLOBALS['strNoListsFound']; #'Error: '.$GLOBALS["strUserNotFound"]; logEvent('Request to unsubscribe non-existent user: '******'select listid from %s where userid = %d', $GLOBALS['tables']['listuser'], $userid)); while ($row = Sql_Fetch_Row($listsreq)) { array_push($subscriptions, $row[0]); } ## 17753 - do not actually remove the list-membership when unsubscribing # $result = Sql_query(sprintf('delete from %s where userid = %d',$tables["listuser"],$userid)); $lists = ' * ' . $GLOBALS['strAllMailinglists'] . "\n"; if (empty($isBlackListed)) { // only process when not already marked as blacklisted # add user to blacklist addUserToBlacklist($email, nl2br(strip_tags($_POST['unsubscribereason']))); addUserHistory($email, 'Unsubscription', "Unsubscribed from {$lists}"); $unsubscribemessage = str_replace('[LISTS]', $lists, getUserConfig("unsubscribemessage:{$id}", $userid)); sendMail($email, getUserConfig("unsubscribesubject:{$id}"), stripslashes($unsubscribemessage), system_messageheaders($email), '', true); $reason = $_POST['unsubscribereason'] ? "Reason given:\n" . stripslashes($_POST['unsubscribereason']) : 'No Reason given'; sendAdminCopy('List unsubscription', $email . " has unsubscribed\n{$reason}", $subscriptions); addSubscriberStatistics('unsubscription', 1); } } if ($userid) { $res .= '<h3>' . $GLOBALS['strUnsubscribeDone'] . 
'</h3>'; } #0013076: Blacklisting posibility for unknown users //if ($blacklistRequest) { //$res .= '<h3>'.$GLOBALS["strYouAreBlacklisted"] ."</h3>"; //} $res .= $GLOBALS['PoweredBy'] . '</p>'; $res .= $GLOBALS['pagedata']['footer']; return $res; } elseif (isset($_POST['unsubscribe']) && !is_email($email) && !empty($email)) { $msg = '<span class="error">' . $GLOBALS['strEnterEmail'] . '</span><br>'; } $res .= '<h3>' . $GLOBALS['strUnsubscribeInfo'] . '</h3>' . $msg . '<form method="post" action=""><input type="hidden" name="p" value="unsubscribe" />'; if (!isset($_POST['email']) || empty($email)) { $res .= '<p>' . $GLOBALS['strEnterEmail'] . ': <input type="text" name="email" value="' . $email . '" size="40" /></p>'; } else { $res .= '<p><input type="hidden" name="email" value="' . $email . '" />' . $GLOBALS['strEmail'] . ': ' . $email . '</p>'; } if (!$email) { $res .= '<input type="submit" name="unsubscribe" value="' . $GLOBALS['strContinue'] . '"></form>'; $res .= $GLOBALS['PoweredBy']; $res .= $GLOBALS['pagedata']['footer']; return $res; } $current = Sql_Fetch_Array_query(sprintf('select list.id as listid,user.uniqid as userhash, user.password as password from %s as list,%s as listuser,%s as user where list.id = listuser.listid and user.id = listuser.userid and user.email = "%s"', $tables['list'], $tables['listuser'], $tables['user'], sql_escape($email))); $some = $current['listid']; if (ASKFORPASSWORD && !empty($user['password'])) { # it is safe to link to the preferences page, because it will still ask for # a password $hash = $current['userhash']; } elseif (isset($_GET['uid']) && $_GET['uid'] == $current['userhash']) { # they got to this page from a link in an email $hash = $current['userhash']; } else { $hash = ''; } $finaltext = $GLOBALS['strUnsubscribeFinalInfo']; $pref_url = getConfig('preferencesurl'); $sep = strpos($pref_url, '?') !== false ? '&' : '?'; $finaltext = str_ireplace('[preferencesurl]', $pref_url . $sep . 'uid=' . 
$hash, $finaltext); if (!$some) { #0013076: Blacklisting posibility for unknown users if (!$blacklistRequest) { $res .= '<b>' . $GLOBALS['strNoListsFound'] . '</b></ul>'; } $res .= '<p><input type=submit value="' . $GLOBALS['strUnsubscribe'] . '">'; } else { if ($blacklistRequest) { $res .= $GLOBALS['strExplainBlacklist']; } elseif (!UNSUBSCRIBE_JUMPOFF) { list($r, $c) = explode(',', getConfig('textarea_dimensions')); if (!$r) { $r = 5; } if (!$c) { $c = 65; } $res .= $GLOBALS['strUnsubscribeRequestForReason']; $res .= sprintf('<br/><textarea name="unsubscribereason" cols="%d" rows="%d" wrap="virtual"></textarea>', $c, $r) . $finaltext; } $res .= '<p><input type=submit name="unsubscribe" value="' . $GLOBALS['strUnsubscribe'] . '"></p>'; } $res .= '</form>'; $res .= '<p>' . $GLOBALS['PoweredBy'] . '</p>'; $res .= $GLOBALS['pagedata']['footer']; return $res; }
print '<title>' . $GLOBALS['strPreferencesTitle'] . '</title>'; print $subscribepagedata['header']; if (!TEST) { if ($emailchanged) { if (sendMail($data['email'], getConfig('updatesubject'), $oldaddressmessage, system_messageheaders($email), $envelope) && sendMail($email, getConfig('updatesubject'), $newaddressmessage, system_messageheaders($email), $envelope)) { $ok = 1; sendAdminCopy('Lists information changed', "\n" . $data['email'] . " has changed their information.\n\nThe email has changed to {$email}.\n\n{$history_entry}", $subscriptions); addUserHistory($email, 'Change', $history_entry); } else { $ok = 0; } } else { if (sendMail($email, getConfig('updatesubject'), $message, system_messageheaders($email), $envelope)) { $ok = 1; sendAdminCopy('Lists information changed', "\n" . $data['email'] . " has changed their information\n\n{$history_entry}", $subscriptions); addUserHistory($email, 'Change', $history_entry); } else { $ok = 0; } } } else { $ok = 1; } if ($ok) { print '<h3>' . $GLOBALS['strPreferencesUpdated'] . '</h3>'; if ($emailchanged) { echo $strPreferencesEmailChanged; } print '<br/>'; if ($_GET['p'] == 'preferences') { #0013134: turn off the confirmation email when an existing subscriber changes preference.
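/**
 * Add an email address to the blacklist, store the reason, and notify plugins.
 *
 * Writes one row to the user_blacklist table, a "reason" row to the
 * user_blacklist_data table and, when present, the requesting REMOTE_ADDR.
 * Every value placed in a SQL string goes through sql_escape(), including
 * $date, because the values may originate from a request or a bounce.
 *
 * @param string $email  address to blacklist
 * @param string $reason free-text reason stored with the entry
 * @param string $date   date string for the "added" column; empty means now()
 *
 * @return void
 */
function addEmailToBlackList($email, $reason = '', $date = '')
{
    if (empty($date)) {
        $sqldate = 'now()';
    } else {
        # the date is caller-supplied text, so it is escaped like every other value
        $sqldate = '"' . sql_escape($date) . '"';
    }

    #0012262: blacklist only email when email bounces. (not users): Function split so email can be blacklisted without blacklisting user
    Sql_Query(sprintf(
        'insert ignore into %s (email,added) values("%s",%s)',
        $GLOBALS['tables']["user_blacklist"],
        sql_escape($email),
        $sqldate
    ));

    # save the reason, and other data
    Sql_Query(sprintf(
        'insert ignore into %s (email,name,data) values("%s","%s","%s")',
        $GLOBALS['tables']["user_blacklist_data"],
        sql_escape($email),
        "reason",
        sql_escape($reason)
    ));

    foreach (array("REMOTE_ADDR") as $item) { # @@@do we want to know more?
        if (isset($_SERVER[$item])) {
            Sql_Query(sprintf(
                'insert ignore into %s (email,name,data) values("%s","%s","%s")',
                $GLOBALS['tables']["user_blacklist_data"],
                sql_escape($email),
                $item,
                sql_escape($_SERVER[$item])
            ));
        }
    }

    addUserHistory($email, s('Added to blacklist'), s('Added to blacklist for reason %s', $reason));

    ## call plugins to tell them
    if (isset($GLOBALS['plugins']) && is_array($GLOBALS['plugins'])) {
        foreach ($GLOBALS['plugins'] as $pluginname => $plugin) {
            # only plugins that implement the hook are called
            if (method_exists($plugin, "blacklistEmail")) {
                $plugin->blacklistEmail($email);
            }
        }
    }
}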
} $current_data = Sql_Fetch_Array_Query(sprintf('select * from %s where id = %d', $tables["user"], $userid)); $current_data = array_merge($current_data, getUserAttributeValues('', $userid)); $information_changed = 0; foreach ($current_data as $key => $val) { if (!is_numeric($key)) { if (isset($old_data[$key]) && $old_data[$key] != $val && $old_data[$key] && $key != "password" && $key != "modified") { $information_changed = 1; $history_entry .= "{$key} = {$val}\n*changed* from {$old_data[$key]}\n"; } } } if (!$information_changed) { $history_entry .= "\nNo user details changed"; } addUserHistory($user["systemvalues"]["email"], "Import by " . adminName(), $history_entry); } #add this user to the lists identified, except when they are blacklisted $isBlackListed = isBlackListed($user["systemvalues"]["email"]); if (!$isBlackListed && is_array($_SESSION["lists"])) { reset($_SESSION["lists"]); $addition = 0; $listoflists = ""; while (list($key, $listid) = each($_SESSION["lists"])) { $query = "replace INTO " . $tables["listuser"] . " (userid,listid,entered) values({$userid},{$listid},now())"; $result = Sql_query($query, 1); # if the affected rows is 2, the user was already subscribed $addition = $addition || Sql_Affected_Rows() == 1; $listoflists .= " * " . listName($key) . "\n"; # $_SESSION["listname"][$key] . "\n"; }
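<?php
# Throttled "add email" action: inserts the address given in $_GET['email'] as a
# new subscriber, at most once per ADD_EMAIL_THROTTLE seconds for this session.
# NOTE(review): this changes state from a GET parameter; no request token or
# address-format check is visible in this fragment - confirm the including page
# applies them before this code runs.
if (empty($_SESSION['last_addemail'])) {
    $_SESSION['last_addemail'] = 0;
}

# only a plain string is accepted; an array-valued "email" parameter is ignored
# instead of being handed to sql_escape()
if (!empty($_GET['email']) && is_string($_GET['email'])) {
    $delay = time() - $_SESSION['last_addemail'];
    if ($delay > ADD_EMAIL_THROTTLE) {
        $_SESSION['last_addemail'] = time();
        # presumably the second argument makes Sql_Query tolerate a failed insert
        # (for example a duplicate address) - TODO confirm
        Sql_Query(sprintf(
            'insert into %s (email,uniqid,htmlemail,entered) values("%s","%s",1,now())',
            $GLOBALS['tables']['user'],
            sql_escape($_GET['email']),
            getUniqid()
        ), 1);
        addUserHistory($_GET['email'], 'Added by ' . adminName(), '');
        $status = $GLOBALS['I18N']->get('Email address added');
    } else {
        # pluginsCall('processError','Error adding email address, throttled');
        # the plugin list may be unset, so it is checked before iterating
        if (isset($GLOBALS['plugins']) && is_array($GLOBALS['plugins'])) {
            foreach ($GLOBALS['plugins'] as $plname => $plugin) {
                $plugin->processError('Add email throttled ' . $delay);
            }
        }
        $status = $GLOBALS['I18N']->get('Adding email address failed');
    }
}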
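/**
 * Store one bounce read over IMAP and attribute it to a message and a subscriber.
 *
 * The message id and the subscriber reference are taken from X-MessageId /
 * X-Message and X-ListMember / X-User lines found in the bounce body. That text
 * arrives by mail and is untrusted, so every value taken from it is escaped or
 * cast to an integer before it is placed in SQL.
 *
 * @param mixed  $link   IMAP stream handed to imap_headerinfo() and imap_body()
 * @param int    $num    message number within that stream
 * @param string $header header text stored with the bounce record
 *
 * @return bool false when neither a message id nor a subscriber was identified, true otherwise
 */
function processBounce($link, $num, $header)
{
    global $tables;
    $headerinfo = imap_headerinfo($link, $num);
    $body = imap_body($link, $num);
    $msgid = 0;
    $user = 0;

    preg_match("/X-MessageId: (.*)/i", $body, $match);
    if (is_array($match) && isset($match[1])) {
        $msgid = trim($match[1]);
    }
    if (!$msgid) {
        # older versions use X-Message
        preg_match("/X-Message: (.*)/i", $body, $match);
        if (is_array($match) && isset($match[1])) {
            $msgid = trim($match[1]);
        }
    }

    preg_match("/X-ListMember: (.*)/i", $body, $match);
    if (is_array($match) && isset($match[1])) {
        $user = trim($match[1]);
    }
    if (!$user) {
        # older version use X-User
        preg_match("/X-User: (.*)/i", $body, $match);
        if (is_array($match) && isset($match[1])) {
            $user = trim($match[1]);
        }
    }

    # some versions used the email to identify the users, some the userid and others the uniqid
    # use backward compatible way to find user
    if (preg_match("/.*@.*/i", $user, $match)) {
        # $user comes from the bounce body, so it is escaped before the lookup
        $userid_req = Sql_Fetch_Row_Query(sprintf(
            'select id from %s where email = "%s"',
            $tables["user"],
            sql_escape($user)
        ));
        # no matching row leaves the subscriber unidentified
        $userid = (is_array($userid_req) && isset($userid_req[0])) ? $userid_req[0] : '';
        if (VERBOSE) {
            output("UID" . $userid . " MSGID" . $msgid);
        }
    } elseif (preg_match('/^\d+$/', $user)) {
        # numeric ids of any length; a single \d only accepted ids 0-9
        $userid = $user;
        if (VERBOSE) {
            output("UID" . $userid . " MSGID" . $msgid);
        }
    } elseif ($user) {
        $userid_req = Sql_Fetch_Row_Query(sprintf(
            'select id from %s where uniqid = "%s"',
            $tables["user"],
            sql_escape($user)
        ));
        $userid = (is_array($userid_req) && isset($userid_req[0])) ? $userid_req[0] : '';
        if (VERBOSE) {
            output("UID" . $userid . " MSGID" . $msgid);
        }
    } else {
        $userid = '';
    }

    # header and body are stored as received; both are escaped for the insert
    Sql_Query(sprintf(
        'insert into %s (date,header,data) values("%s","%s","%s")',
        $tables["bounce"],
        date("Y-m-d H:i", @strtotime($headerinfo->date)),
        sql_escape($header),
        sql_escape($body)
    ));
    $bounceid = Sql_Insert_id();

    # strict comparison: with a loose one, the initial integer 0 equals any
    # non-numeric string on PHP versions before 8, so a bounce without a message
    # id would be handled as a system message and unconfirm the subscriber
    if ($msgid === "systemmessage" && $userid) {
        Sql_Query(sprintf(
            'update %s set status = "bounced system message", comment = "%s marked unconfirmed" where id = %d',
            $tables["bounce"],
            $userid,
            $bounceid
        ));
        logEvent("{$userid} " . $GLOBALS['I18N']->get("system message bounced, user marked unconfirmed"));
        # NOTE(review): $user may hold an id or uniqid rather than an email here;
        # other callers pass addUserHistory() an email address - confirm
        addUserHistory(
            $user,
            $GLOBALS['I18N']->get("Bounced system message"),
            "\n <br/>" . $GLOBALS['I18N']->get("User marked unconfirmed") . "\n <br/><a href=\"./?page=bounce&id={$bounceid}\">" . $GLOBALS['I18N']->get("View Bounce") . "</a>\n\n "
        );
        Sql_Query(sprintf('update %s set confirmed = 0 where id = %d', $tables["user"], $userid));
    } elseif ($msgid && $userid) {
        Sql_Query(sprintf(
            'update %s set status = "bounced list message %d", comment = "%s bouncecount increased" where id = %d',
            $tables["bounce"],
            $msgid,
            $userid,
            $bounceid
        ));
        Sql_Query(sprintf('update %s set bouncecount = bouncecount + 1 where id = %d', $tables["message"], $msgid));
        Sql_Query(sprintf('update %s set bouncecount = bouncecount + 1 where id = %d', $tables["user"], $userid));
        Sql_Query(sprintf(
            'insert into %s set user = %d, message = %d, bounce = %d',
            $tables["user_message_bounce"],
            $userid,
            $msgid,
            $bounceid
        ));
    } elseif ($userid) {
        Sql_Query(sprintf(
            'update %s set status = "bounced unidentified message", comment = "%s bouncecount increased" where id = %d',
            $tables["bounce"],
            $userid,
            $bounceid
        ));
        Sql_Query(sprintf('update %s set bouncecount = bouncecount + 1 where id = %d', $tables["user"], $userid));
    } elseif ($msgid === 'systemmessage') {
        Sql_Query(sprintf(
            'update %s set status = "bounced system message", comment = "unknown user" where id = %d',
            $tables["bounce"],
            $bounceid
        ));
        logEvent("{$userid} " . $GLOBALS['I18N']->get("system message bounced, but unknown user"));
    } elseif ($msgid) {
        Sql_Query(sprintf(
            'update %s set status = "bounced list message %d", comment = "unknown user" where id = %d',
            $tables["bounce"],
            $msgid,
            $bounceid
        ));
        Sql_Query(sprintf('update %s set bouncecount = bouncecount + 1 where id = %d', $tables["message"], $msgid));
    } else {
        Sql_Query(sprintf(
            'update %s set status = "unidentified bounce", comment = "not processed" where id = %d',
            $tables["bounce"],
            $bounceid
        ));

        return false;
    }

    return true;
}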